Analysis Overview
SHA256
83008b5d79cd91927f152e4da334ecf90fc6d278ef72b1a5a90cfbd204c57e65
Threat Level: Known bad
The file 2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer was found to be: Known bad.
Malicious Activity Summary
Socelars
Socelars family
Socelars payload
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-02 18:21
Signatures
Socelars family
Socelars payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-02 18:21
Reported
2024-12-02 18:23
Platform
win7-20240903-en
Max time kernel
37s
Max time network
139s
Command Line
Signatures
Socelars
Socelars family
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d89758,0x7fef6d89768,0x7fef6d89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2260 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2508 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1324 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3440 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:8
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-02 18:21
Reported
2024-12-02 18:23
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Socelars
Socelars family
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133776372796224604" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcc2ebcc40,0x7ffcc2ebcc4c,0x7ffcc2ebcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3108,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3784,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3832 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3100,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.icodeps.com | udp |
| US | 172.232.31.180:443 | www.icodeps.com | tcp |
| US | 8.8.8.8:53 | 180.31.232.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.122.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.74.161:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ferramentasadicionais.s3.sa-east-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| BR | 3.5.234.43:443 | ferramentasadicionais.s3.sa-east-1.amazonaws.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| DE | 157.240.27.35:443 | m.facebook.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | naro-sys-log.s3.amazonaws.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| DE | 157.240.27.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.27.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.234.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.facebook.com | udp |
| DE | 157.240.27.14:443 | secure.facebook.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.27.240.157.in-addr.arpa | udp |
| US | 16.182.42.233:443 | naro-sys-log.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hyhjuer.s3.eu-west-3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 233.42.182.16.in-addr.arpa | udp |
| FR | 3.5.204.162:443 | hyhjuer.s3.eu-west-3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | www.11111111.xyz | udp |
| US | 52.20.84.62:80 | www.11111111.xyz | tcp |
| US | 8.8.8.8:53 | domains.atom.com | udp |
| US | 172.67.26.69:443 | domains.atom.com | tcp |
| US | 8.8.8.8:53 | 62.84.20.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.204.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.26.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.209.201.84.in-addr.arpa | udp |
| DE | 157.240.27.14:443 | secure.facebook.com | udp |
| DE | 157.240.27.35:443 | www.facebook.com | udp |
| DE | 157.240.27.14:443 | secure.facebook.com | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.listfcbt.top | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.typefdq.xyz | udp |
| DE | 142.250.185.99:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | www.rqckdpt.top | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.facebook.com | udp |
| DE | 157.240.27.14:443 | secure.facebook.com | udp |
| US | 8.8.8.8:53 | 99.185.250.142.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 8352ed5bbe3a7c0fbd94c2e14bc5de31 |
| SHA1 | 615d9809bb3144ab25b4ee7568644bea36bf9713 |
| SHA256 | fa82205adab69607bc80a103488725267ee51f7bae8d6a860ab7f969b8b89308 |
| SHA512 | 9cc9345e0591135e12308625c589d195ff6178276cd6245d43d46419c7e77165558de27fc05e3aab4214491a8fd7250bc5b9e1dc3cebdbe4fa988dbebb69372e |
\??\pipe\crashpad_2460_VNOKODMRCVQNMPWG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js
| MD5 | f79618c53614380c5fdc545699afe890 |
| SHA1 | 7804a4621cd9405b6def471f3ebedb07fb17e90a |
| SHA256 | f3f30c5c271f80b0a3a329b11d8e72eb404d0c0dc9c66fa162ca97ccaa1e963c |
| SHA512 | c4e0c4df6ac92351591859a7c4358b3dcd342e00051bf561e68e3fcc2c94fdd8d14bd0a042d88dca33f6c7e952938786378d804f56e84b4eab99e2a5fee96a4c |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js
| MD5 | a09e13ee94d51c524b7e2a728c7d4039 |
| SHA1 | 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae |
| SHA256 | 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef |
| SHA512 | f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png
| MD5 | c8d8c174df68910527edabe6b5278f06 |
| SHA1 | 8ac53b3605fea693b59027b9b471202d150f266f |
| SHA256 | 9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5 |
| SHA512 | d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json
| MD5 | 6da6b303170ccfdca9d9e75abbfb59f3 |
| SHA1 | 1a8070080f50a303f73eba253ba49c1e6d400df6 |
| SHA256 | 66f5620e3bfe4692b14f62baad60e3269327327565ff8b2438e98ce8ed021333 |
| SHA512 | 872957b63e8a0d10791877e5d204022c08c8e8101807d7ebe6fd537d812ad09e14d8555ccf53dc00525a22c02773aa45b8fa643c05247fb0ce6012382855a89a |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html
| MD5 | 9ffe618d587a0685d80e9f8bb7d89d39 |
| SHA1 | 8e9cae42c911027aafae56f9b1a16eb8dd7a739c |
| SHA256 | a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e |
| SHA512 | a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12 |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js
| MD5 | 13c7122b3581a8a39b2df223b4a3441c |
| SHA1 | 9985b8fba848794cf72c9b36e821721ccefbc00f |
| SHA256 | e4e181d669ec02db24acf2d9222e56f76a5b9db4dadc4677ba0f099a162fd520 |
| SHA512 | 7f8c2c65deb79af281ecbd73319c00b8480c916283b08f49099a03a2a0514ddeaa94c2f1d95ef0a2d096476a4b3b86c5770715d93373a36183733130b65e67c7 |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js
| MD5 | 0f26002ee3b4b4440e5949a969ea7503 |
| SHA1 | 31fc518828fe4894e8077ec5686dce7b1ed281d7 |
| SHA256 | 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d |
| SHA512 | 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11 |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js
| MD5 | 4ff108e4584780dce15d610c142c3e62 |
| SHA1 | 77e4519962e2f6a9fc93342137dbb31c33b76b04 |
| SHA256 | fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a |
| SHA512 | d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2 |
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js
| MD5 | 23231681d1c6f85fa32e725d6d63b19b |
| SHA1 | f69315530b49ac743b0e012652a3a5efaed94f17 |
| SHA256 | 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a |
| SHA512 | 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 4ea6b3c5e77fcc430c842752cd75f0bb |
| SHA1 | 585f066dfaf09ad6ae72e7ca493a8cd5ecde44a2 |
| SHA256 | 451c2e22ce069a0467febe931b41c5ca8df7e98fc61b9c14c250ac0cea6fe524 |
| SHA512 | 8c36a17b5b6d68eb2f1444784c5d7c7190c059d3d47c3220db26818ecf6dcfa6d381ecf78a8db2d254ed51ecfd0aaa123f1ff2535d50266cade6780b8773a69c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ed61a5eb4bda069e46b4d008e579777c |
| SHA1 | 745ecef757321aef6abdf62e6dd496fafccba611 |
| SHA256 | 27ba9053355114cc32b9e4d96a8de774032aa319596dc1c6effa0624e21fbef0 |
| SHA512 | 77409a0b69a06ec4bb3be8b375bf93681a551909990ba05ae476dbac104db0c76f13997b53622598fbfc50cb241f6a989b65003dba68034ae77ba7adc31e31c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3dfb776d2c3755474c6f110753263137 |
| SHA1 | 1f4531c1dce6bb2f7baf314c52fe572163da2572 |
| SHA256 | 2b8fd6ae79f2fd4838e162a73947e40596240b6370bc1d969ee88763a0fea880 |
| SHA512 | dcd3e2442977d0a9ecfdbd09d8fb95f6b44b6dc33caee9638787679774181f1d65b3e186e373aa2c3e0211c3a06eafd9d91456d9adbad2be8a2f5c1cf501ebb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 53f1439c888f3e3a77eade51ad7bd8f3 |
| SHA1 | 126290abd6c93d30cc83382a283404e0eaddc810 |
| SHA256 | ff6b0199198ec2e193a3cacd08e2dd7ef5068ce509bc7c7fdd915c0798271b33 |
| SHA512 | 4f2b6abe4a4326216815f54fcc91e4cd2911f4febb6722d06fa46c36d735d3f6aad77c97cf6b1e10de82479c39adada4fd67ddffca6a0fb35f0289b5268fba99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 841797c16e5e88f6cb76b8dff1015c8a |
| SHA1 | faabb06b42f94ada99c80296873b8f09b9e5212d |
| SHA256 | 9bae0c822ec9e72ccba21b37420bbd06db7c449b84c8f397466f30f453b45907 |
| SHA512 | c76cd273e98b0cfc22493eba0c26231c45154206becacd131651c0a76da7c62c05fb462337e445ffebcf3a6ce2e1f63fda48ee65e741ff8af14d26096f339242 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 48c6c4ca7919f58209b904bd4dbf717c |
| SHA1 | 1984ec414e3fdb89e709e2ebf4877b7d6808bd42 |
| SHA256 | da7a80259e9759c13275be9522a50b7568b2803e7bfea4cad7feaf1472370ce7 |
| SHA512 | a59aaa92db1d2877d8a579604cedaacd06aa423299ea5ee7f104d8fc336ec2f2a8443c046ed567a5f0032bf897547408e5ea503ed27a3ce54e3ce7cca70adc0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 93e91ac067441164765f599d31087ba7 |
| SHA1 | 7bdd45c9d8d286ef401ace8a5d5b2e57f185dcfb |
| SHA256 | 9920106adfa8d8a1affb4751261d6bd9108872f7b8b7a69026cb3f716646c5d7 |
| SHA512 | c5e7c09abda372d04fc4565e8f9baa10689818756d919591f19aaaa50a6d7b34ad1e647e962fb2012cbda51d7071abe6fe9c3166ea993565c36e3c4c51d05c7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 52f34a942302fd240a1205ea58b1d29b |
| SHA1 | a7b7e2b2c12b51cdd768fe8301426ce4a34c9aef |
| SHA256 | 51b9def827011da66c885d88a983f18c3f675a19d81100d8151473c4aae572b3 |
| SHA512 | 99126c5dbe14cfb5f0ba27669373a6b8eb4bd38e4432dce36ba82272932f8272e350bcbd0d869503979b064d893bb780f08e6544455f33e63660c8a400756e56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 836fde124984e254d9574f08803b0d3e |
| SHA1 | 3f849c1e44308a2b30c7fa7410af3780994c9322 |
| SHA256 | f454cbc5cc79f08937b3ca13c9e7d10d0304f3dfe1144516e9cee718f18aaf07 |
| SHA512 | 946474167e77bc38cea19b7ab9c5a9427f684bbfb3714cdcd1617db37d0d82756edf8403818367f5f5d4201c5107b564d7ea82ffea9d29877dbd77734bc87934 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6c9d4b22b50a77d463e620a4b2dfc67f |
| SHA1 | 5c7ece3a36fe3d3c89f4717b715edca76d56a853 |
| SHA256 | 10c07e9abf559c6f556c82099f7b97580a3f7300d4bcd9453bc8a808624b3b55 |
| SHA512 | 0f06b73d23b051d3e39ed0208014c53c6875b009fe3d1ba71669a4ee2905b1197b6382a7b43de8eb928eaf16f1733707c87b67e200757e8111b3409ed2295509 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cddca27ed1c59101aab2577f408e3da5 |
| SHA1 | deee14495d720193cbde9d0230a853c1f513933e |
| SHA256 | a41f9d1debe6416a893ef143c81df8226b02dd455c768aaca123ca47308263b7 |
| SHA512 | d7f9084af3efef4d7ad89923a9d1311a8a0eee93d8ec452f6ed9782459a1ddb87e15b18a4d4ad96ca1609008e674ca024432412fac18bad37b3855319c1a0dc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f826fdd06dfc6d1098acfc8123f52d6c |
| SHA1 | 1a77f10a77927d2d6c6a128df13d940cf838bce7 |
| SHA256 | 0efa07b633f1a51b34163df701473203394e3a1ef36b2eca0dd54f93bb0ac9fb |
| SHA512 | 777a2e6d47fc56cade89822693ef3de6030132872c41377c509d3c7ab95ce5329de9c174958964da592affabab85cd10af982851beebfa00ad3139fff378852d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e2b3d571a38e84d239c8ccc8c3b3b91d |
| SHA1 | e472718f4abb0c90da8a86da7c8f9e05332f1471 |
| SHA256 | 3d3cb7355e19d01c423e9c3973b20810bb24441d4f04754329e676cef959f625 |
| SHA512 | d45b13e507f9d4b9660f7d15221f80bc8fc9c0fe5585983c3406ce1713ac55a0a31737e8af676ea3a7be4c635d3c6fd976e76adc42f53747b67fe8b2285ecf08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04e0be21b1ec33cbebfeb65e56866c59 |
| SHA1 | fbd305d20f6cc6cbcc93bee18d52ac5aa6cd6743 |
| SHA256 | b053b968803ba377d198a32ac9aa5aea6bd21aba0bc0605db123c043811ce114 |
| SHA512 | 5b56a54f290685275f17731b54f6e955fd5a6a0727613af08f995ebbd485e8f24383c45497fc480ddc9b4c230e01d579486916281e5b06ca151b6f0262171ce9 |